package jdbc;

import java.sql.*;

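/**
 * Login demo that uses a precompiled (parameterized) SQL statement to prevent SQL injection.
 *
 * <p>The username and password are bound through {@code ?} placeholders with
 * {@link PreparedStatement#setString(int, String)} instead of being concatenated into the
 * SQL text, so the supplied values are passed to the driver as parameters rather than as
 * part of the SQL string.
 */
public class JDBCDemo9 {
    /**
     * Reads a {@code UserInfo} via {@code InputUtil}, looks it up in the {@code userinfo}
     * table and prints whether a matching row exists.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // Presumably shows a login prompt and fills in the UserInfo fields; InputUtil is
        // defined elsewhere - confirm.
        UserInfo userInfo = InputUtil.getInputObject(new UserInfo(),"欢迎登陆","登录");
        // NOTE(review): this echoes the whole object. If UserInfo.toString() includes the
        // password, the credential ends up on the console and in any captured output -
        // confirm and mask it outside of a demo.
        System.out.println(userInfo);

        // The statement text is a constant; user input only ever travels as bound parameters.
        // NOTE(review): the password is compared as-is against the stored column, which
        // suggests the table holds the password in the same form the user typed it. A
        // production system should store a salted password hash (bcrypt/scrypt/argon2) and
        // verify it in application code instead.
        String sql = "SELECT id,username,password,nickname " +
                     "FROM userinfo " +
                     "WHERE username=? " +
                     "AND password=?";

        // Declaring the statement next to the connection makes try-with-resources close it
        // explicitly instead of relying on the driver to clean it up when the connection closes.
        try (
                Connection conn = DBUtil.getConnection();
                PreparedStatement ps = conn.prepareStatement(sql)
        ) {
            ps.setString(1, userInfo.getUsername());
            ps.setString(2, userInfo.getPassword());
            // The result set is closed as soon as the single existence check is done.
            try (ResultSet rs = ps.executeQuery()) {
                // Any returned row means the username/password pair matched.
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo-level handling: the stack trace goes to stderr. Driver messages can reveal
            // schema or connection details, so a real application should log through its
            // logging framework and show the user only a generic failure message.
            e.printStackTrace();
        }
    }
}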
